EMV chips connect with a payment machine to tell the merchant whether the card is counterfeit, so they provide more security than traditional credit cards.

Credit cards with EMV chips are already being used across most of the world, and anyone who’s been to Europe in the last few years will have encountered them. (Last year on a trip to Sweden I had merchants ask me to insert my card rather than swipe it.) American businesses have until 2015 to switch over to payment processing machines that work with EMV, but Square is obviously not waiting around.

Square said the new reader hardware will be smaller and faster than other scanners and will cost less. The new Square reader won’t be free to clients, but the company hasn’t yet released any pricing, according to a New York Times report.

It’ll be interesting to see if Square can get a larger foothold in the payments market by pushing out its EMV-enabled readers before everyone else.

Hackers could use ‘The Internet of Things’ to turn everyday devices into paths of attack
http://venturebeat.com/2013/02/26/hacking-internet-of-things/
Tue, 26 Feb 2013 23:49:58 +0000

Connecting devices to the Internet will ultimately create a number of new and unexpected attack vectors. Lookout Mobile's chief technology officer set out to hack all the things.

The “Internet of Things” is great — we’ll soon be able to build apps for our cars, thermostats, refrigerators, and more. But what happens when attackers get into your company’s system through an ice maker instead of the phishing email we’re all so used to?

“Every digital thing ever made has flaws, and there are two ways to deal with that: You hide them and bury them … or you deal with the outside risks and you respond really quickly,” said Lookout Mobile chief technology officer Kevin Mahaffey in an interview with VentureBeat.

“The Internet of Things,” or all the physical devices that you can connect to the Internet, opens up new doors for attackers trying to get into your company’s systems. Mahaffey set out to attack all the devices he could find in his office and home and see just how weak some of them really are. This included his thermostat, Blu-ray player, Apple TV, printer, VoIP phone, projector, white board, and other devices that all connect to the Internet (and likely your company’s network).

“These are the things that hackers lust after,” said Mahaffey during a presentation at the RSA conference in San Francisco. “A lot of these devices have a pretty big attack surface.”

Lucky for us, a lot of these — in particular the thermostats — encrypt their data flows and are difficult to hack by traditional means.

The Nest thermostat passed the test, using a secure form of encryption and properly signing its own certificates. Apple TV also passed the test. Things like printers, VoIP phones, a certain kind of smart thermostat called EcoBee, and even a coffee maker did not, however.

But what’s so concerning? Oh, no, someone turned my air conditioning on, boo-hoo. Well, what if all the thermostats in a city suddenly turned their air conditioning on high? Mahaffey explained it could be a means to blow out the power grid. Printers have access to your sensitive documents and directly connect to your networks.

And what about things like fire alarms and HVAC systems that aren’t currently connected to the Internet — but could be someday soon? Maybe the new form of DDoSing a website is to trip the fire sprinklers to rain on a data center.

Mahaffey told VentureBeat he’s most concerned about severe attacks from fire systems and card readers. We’ve already seen big-name organizations such as RSA and the Department of Defense fall to attacks on card readers.

“Who cares about the security guy if you can badge your way in?” said Mahaffey.

He suggests that companies start planning for The Internet of Things now by using modern cryptography to protect all the traffic running in and out of all of their systems. He also suggests IT departments purposefully watch network flows to see what devices are communicating with what parts of the network and then segment devices. For example, your Internet-connected coffee maker likely doesn’t need to talk to your source code server.

Mahaffey goes further to say that the device vendors themselves should start penetration testing their devices and that the companies who use them should do the same. Otherwise, we’ll suffer from the fact that many of these devices do not get patched often but do get closer and closer to the critical systems we use in our businesses every day.

Hack on hotel locks leads to theft in Texas
http://venturebeat.com/2012/11/26/hotel-hack-theft/
Tue, 27 Nov 2012 03:04:26 +0000

A woman’s hotel room was burglarized due to a known vulnerability in hotel key card readers from Onity, according to Forbes. The robbery occurred at a Hyatt in Houston, Texas.

According to Forbes, Janet Wolf’s laptop was stolen in September after Matthew Allen Cook allegedly used a hack made public at a security conference in July to force the locks and gain access to Wolf’s Hyatt House Galleria room. Cook was arrested and charged with theft.

Mozilla security researcher Cody Brocious first showed off his hack at the Black Hat conference in Las Vegas. Forbes reported the story a week before the conference, saying Brocious didn’t plan on telling Onity before the presentation. Brocious created a device that plugs into a DC power port on the Onity hotel card readers. He said it cost him less than $50 to make it, and all he needed to do was plug it in, turn it on, and the lock would open.

In order to fix the issue, according to Forbes, the Hyatt House Galleria used putty to fill the holes, blocking off the DC port.

You might wonder why in three months the company hasn’t made a less damaging fix to this vulnerability, but it’s not that simple. It’s not like the key card readers are all linked together and can be updated remotely. In order to fix the reader, Onity would need to develop a new reader that did not have the vulnerability and then get hotels using its readers to replace all of the “compromised” ones. And a lot of those hotels likely don’t have the budget to do a lock upgrade.

We reached out to Onity for comment, but have not heard back from the company.

Exclusive: a sneak peek at the new tablet taxi Verifone is bringing to New York City
http://venturebeat.com/2012/04/05/verifone-tablet-taxi-square-new-york-cab/
Thu, 05 Apr 2012 12:17:52 +0000

One thing Sam hates about being a Manhattan cabbie is picking up tourists hoping to see a Broadway show. “They are always yelling at me, drive faster, we’ve still got to buy our tickets.”

So Sam, who asked we not use his last name, was first on line to try out Verifone’s new taxi tablets, which are being piloted in about 100 Big Apple cabs in place of the traditional TV unit. One of the features being tested is the ability for riders to purchase tickets for movies or Broadway shows during the ride, and get their ticket printed out along with their receipt.

Riders hoping to hop in a cab, check their email and play a quick game of Angry Birds are in for a letdown. “We’ve tested it, and believe, playing Angry Birds in a moving vehicle is not as fun as it sounds,” said Jason Gross, Verifone’s director of strategy and marketing, who came along for the test ride. Half the time we’re in a taxi it doesn’t seem to be moving much at all, but let’s not quibble.

Some of the cool things Gross and his team are testing out: social media integration that displays tweets and Facebook updates geo-tagged to your current location as you’re travelling. A lottery service that lets riders buy their tickets at the same time as they are paying the fare, and credits the winnings directly to their account if they use a debit card. And if riders decide to swipe their cards at the beginning of the ride, so that they can pay quickly at the end, Gross says Verifone is testing out ways to personalize the TV and news experience based on past preferences. “We just want to be careful to protect people’s privacy, because this is based off a payment,” Gross emphasized.

The new tablet taxis are being tested in part because Square, the red-hot Silicon Valley payment startup, convinced the city to allow it to test out its own tablet taxi that would use an iPad and a Square credit card reader. “We welcome the competition, but I don’t think Square really knows what it takes to support a fleet of cabs,” said Chris Polos, Verifone’s vice-president of sales. “This is a mission critical unit, it’s illegal for cabbies to drive without them. If it breaks, we can get it repaired and running again 24/7. I’m not sure Square can say the same.”

Instead of an iPad, Polos says Verifone is using a tablet they built themselves with open source hardware and running Windows XP. “We’re all about bringing more competition and finding ways to drive down the costs for drivers and riders,” Polos said. What about the fact that Square would offer lower fees than traditional credit card readers, we asked. “You get what you pay for. They aren’t going to have streaming TV bringing news to riders. What they’re offering sounds like a stripped down experience, basically just a tablet with a map.”

Them’s fighting words, but we’ll be bringing you all the details of Square’s efforts in the near future, when we take a ride along in one of their pilot taxi cabs.

PayPal to take on Square with lower fees and spiffy blue design
http://venturebeat.com/2012/03/14/paypal-to-take-on-square-with-lower-fees-and-spiffy-blue-design/
Wed, 14 Mar 2012 21:56:45 +0000

PayPal is expected to show off a credit card reader tomorrow that will compete directly with Square’s product. Now we have a clearer idea of […]

PayPal will reportedly charge merchants using its card reader only 2.7 percent of every transaction, lower than Square’s 2.75 percent charge, two sources told Bloomberg. The sources said that the device will be shaped like a blue triangle, an obvious jab at Square’s design, and will sport a high-end design, courtesy of the Yves Behar-founded design firm Fuseproject, best known for designing Jawbone’s Bluetooth headsets and wireless speakers.

Both of those details make it clear that PayPal is aiming for Square’s jugular. But, if true, they don’t seem like big enough improvements over Square to entice consumers away. Square could easily lower its transaction fees to compete, and a fancy design likely won’t matter much to people who just want to make payments easily. Square, which was founded in 2009, also has a huge head start on PayPal, and is free from the terrible customer service reputation that haunts PayPal.

Square isn’t PayPal’s only competitor either: Intuit’s GoPayment device, which also plugs into your smartphone’s headphone jack, has been available longer than Square (though it doesn’t get nearly as much hype).

Online payments company PayPal will launch a credit card reader for mobile devices that will compete with Square, Intuit, and others at an event Thursday, according to GigaOM.

The conversation about mobile card readers is often dominated by Square, which now has three applications for phones and tablets and is now processing $4 billion in annual mobile payments. But eBay-owned PayPal, which has a huge hold on online payment processing, has been inching slowly toward mobile payments as well. At Mobile World Congress two weeks ago, PayPal announced the PayPal Carrier Payment Network, which aims to create standards in carrier payments. The company also demonstrated a new “digital wallet” at SXSW Interactive last week.

On Thursday, PayPal is expected to go further than before with a new dongle that can attach to various phones through a standard headphone jack. It will likely be shaped like a triangle, most likely so it won’t be confused with Square’s square-shaped dongle. One place we will likely see the new dongle in action will be Home Depot, which plans to offer PayPal payments at its nearly 2,000 stores in the U.S.

We will see on Thursday if the rumors hold true. Check back with us then to see if PayPal does indeed launch a new card reader and how it will change the mobile payments landscape.

Researchers are working on an on/off switch for the next generation of credit cards. No, not to stop you from spending money you shouldn’t, but to help protect you from theft and fraud.

Credit cards are moving away from magnetic strips to more modern, no-contact technology. Now, with radio frequency identification (RFID) chips or near-field communication (NFC) cards, you can just wave your credit card in front of a reader to quickly pay for a cup of joe.

However, this ease could open up the doors for a new type of criminal. In theory, shady characters with portable scanners can read the information off your RFID card by getting close enough to you that your card is in their reader’s electromagnetic field. This type of theft hasn’t taken off yet, due to clunky technology and minimal monetary gain (most RFID and NFC cards have low spending caps), but an on/off trick could be a smart preventative step.

Researchers at the Pittsburgh Swanson School of Engineering are working on a simple new technology that would require customers to place their finger on the card to turn it “on” when they pay. When you place your finger on a specific spot on the card, say a logo or icon, it would complete a circuit and enable readers to charge the card. If the circuit isn’t complete, the card’s NFC or RFID technology would be disabled.

“Our new design integrates an antenna and other electrical circuitry that can be interrupted by a simple switch, like turning off the lights in the home or office,” explains professor Marlin Mickle in a statement. “The RFID or NFC credit card is disabled if left in a pocket or lying on a surface and unreadable by thieves using portable scanners.”

The extra step would take very little time for the customer, and researchers think the technology would be fairly easy and inexpensive for credit card companies to adopt. They recently filed a patent application for the on/off card technology.

Payments and financial software provider Intuit has its own mobile card swipe reader, but that’s not stopping it from saying card readers’ days are numbered.

For all the development the company has sunk into its reader — two years’ worth, since the company began working on it in February 2009 — Intuit’s payments product manager Christopher Battles told VentureBeat that the card readers will be extinct as soon as a new technology can replace them.

Intuit began distributing those card readers for free along with a pre-paid card for all Intuit GoPayment users in 2009. Whenever a small business swipes a card to make a transaction, Intuit takes a 2.7 percent transaction fee and then delivers the funds to the pre-paid account. The transaction takes a little more than a day to process, Battles said.

Intuit will tell you any day of the week its reader isn’t like Square’s, its main competitor, whose reader plugs into a headphone jack on mobile devices like the iPhone or iPad. Square has garnered lots of hype even though Intuit’s reader was on the market first. Intuit also benefits from its brand recognition as a financial services software company — it also develops popular software like TurboTax and QuickBooks.

“We’re competing with a 7-second transaction time, it’s hard to provide enough features to compete with that,” Battles said. “Near-field communication is interesting, it has a future, but we don’t think we’ve cracked the code on it yet.”

Another product manager on the payments team said the card readers were a short-term game for handling mobile payments.

“The reader is for today, it won’t be true eventually,” Intuit senior product manager Mary Lunnebord told VentureBeat. “And by the time we crack the code on NFC, there will probably be a third technology to replace it — no one can tell what’s going to win out right now.”